Agencies advise organizations to protect against BlackCat/ALPHV ransomware

Apr 22, 2022 - 05:13 PM
Cybersecurity Lock on Gold Wall

The FBI this week released a report detailing indicators of compromise associated with ransomware variants that have compromised at least 60 entities worldwide, and recommendations for organizations to reduce their risk of attack. The Cybersecurity & Infrastructure Agency today encouraged organizations to review and apply the recommendations. 

John Riggi, AHA鈥檚 national advisor for cybersecurity and risk, said, 鈥淚n addition to containing actionable indicators of compromise, this FBI FLASH points out that the BlackCat gang is using advanced programming language (known as RUST) that increases the reliability of their attacks, and offering their capability to other hackers as 鈥榬ansomware as a service.鈥 It also notes that members of the BlackCat ransomware gang have been linked to the Russian-speaking Darkside/Blackmatter gang responsible for the Colonial Pipeline ransomware attack in 2021 鈥 thereby indicating this group may possess the capability to attack U.S. critical infrastructure. Whether they have the current intent remains to be seen. Given the possible Russian connection and the flurry of recent government warnings of Russian-state sponsored and criminal cyber threats to U.S. critical infrastructure, the BlackCat ransomware group is of significant concern.鈥   

For more information on this and other cyber risks, contact Riggi at jriggi@aha.org.

Related News Articles

Headline
Guidance offers steps to create, maintain operational technology asset inventory for protection
The Cybersecurity and Infrastructure Security Agency, Environmental Protection Agency, National Security Agency, FBI and international agencies Aug. 13鈥
Headline
DOJ announces disruption of BlackSuit ransomware group聽
The Department of Justice Aug. 11 announced a series of actions taken against the BlackSuit ransomware group, also known as 鈥淩oyal,鈥 including the disruption鈥
Headline
Tactics by Scattered Spider cybercriminals highlighted in joint advisory聽
The FBI, Cybersecurity and Infrastructure Security Agency and international agencies July 29 released a joint advisory on recent tactics by the Scattered鈥
Headline
Microsoft says China-based threat actors behind SharePoint attacks聽
Microsoft July 22 released an update on the ongoing cyberattacks to SharePoint servers used within organizations, attributing the incidents to China-based鈥
Headline
Agencies warn of activity by Interlock ransomware
The FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information Sharing and Analysis Center鈥
Headline
Microsoft issues alert on vulnerabilities in ongoing SharePoint attacks聽
Microsoft July 19 issued an alert about active attacks from vulnerabilities targeting SharePoint servers used within organizations. The incidents have not鈥